# HG changeset patch
# User Alain Mazy
# Date 1663168265 -7200
# Node ID 4af5f496a0ddd4a5f426f39a28f108034a807bbb
# Parent c673997507ead654eecce38e1c76d810d1ca84d8
fix
diff -r c673997507ea -r 4af5f496a0dd OrthancServer/Plugins/Samples/AdvancedStorage/Plugin.cpp
--- a/OrthancServer/Plugins/Samples/AdvancedStorage/Plugin.cpp Tue Sep 13 11:02:43 2022 +0200
+++ b/OrthancServer/Plugins/Samples/AdvancedStorage/Plugin.cpp Wed Sep 14 17:11:05 2022 +0200
@@ -289,10 +289,13 @@
 LOG(INFO) << "Advanced Storage - creating attachment \"" << uuid << "\" of type " << static_cast(type) << " (path = " + path.string() + ")";
 // check that the final path is not 'above' the root path (this could happen if e.g., a PatientName is ../../../../toto)
- std::string canonicalPath = fs::canonical(path).string();
- if (!Orthanc::Toolbox::StartsWith(canonicalPath, rootPath.string()))
+ // fs::canonical() can not be used for that since the file needs to exist
+ // so far, we'll just forbid path containing '..' since they might be suspicious
+ if (path.string().find("..") != std::string::npos)
 {
- throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError, std::string("Advanced Storage - final path is above root: '") + canonicalPath + "' - '" + rootPath.string() + "'") ;
+ fs::path legacyPath = rootPath / GetLegacyRelativePath(uuid);
+ LOG(WARNING) << "Advanced Storage - WAS02 - Path is suspicious since it contains '..': '" << path.string() << "' will be stored in '" << legacyPath << "'";
+ path = legacyPath;
 }
 // check path length !!!!!, if too long, go back to legacy path and issue a warning
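Review bot: The new guard `path.string().find("..") != std::string::npos` is a substring test on the whole path string, so it no longer establishes what the comment above it promises, namely that the final path stays under `rootPath`. It sends harmless names that merely contain two consecutive dots to the legacy path, presumably fires for every attachment when the configured root itself contains `..`, and says nothing about symlinks or absolute components below the root. A containment check that does not need the file to exist would be `fs::path rel = fs::weakly_canonical(path).lexically_relative(fs::weakly_canonical(rootPath));`, falling back to the legacy path when `rel.empty() || *rel.begin() == ".."`; both calls exist in boost::filesystem and std::filesystem, whichever `fs` aliases here. The enclosing function starts and ends outside the hunk, so how `path` is assembled is not visible and the fallback via `GetLegacyRelativePath(uuid)` is assumed to be safe by construction.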